CVE-2024-42010 — Sensitive Information Exposure in Roundcube

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

14.8%

top 5.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Roundcube

Timeline

PublishedAug 5

Description

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶debiandebian/roundcube< roundcube 1.6.5+dfsg-1+deb12u3 (bookworm)

🔴Vulnerability Details

OSV

CVE-2024-42010: mod_css_styles in Roundcube through 1↗2024-08-05

▶

GHSA

GHSA-853r-xr2f-r2x6: mod_css_styles in Roundcube through 1↗2024-08-05

▶

📋Vendor Advisories

Debian

CVE-2024-42010: roundcube - mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently...↗2024

▶